Computer Hope
Topic started by: scorpia on July 16, 2010, 06:58:28 AM
Hi, I tried to download Malwarebytes' Anti-Malware but it doesn't work, so I added the other two logs. I hope someone can help me solve this and remove this spyware from my computer. I also get messages from my ISP that this computer is spamming. Thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:27:42, on 16/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Emsisoft\Online Armor\OAcat.exe
D:\Program Files\Emsisoft\Online Armor\oasrv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
C:\Downloads\Office12\GrooveMonitor.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\Program Files\Emsisoft\Online Armor\oaui.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\Emsisoft\Online Armor\OAhlp.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = search.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\DOWNLO~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Downloads\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VIPv3_Auto_Update] D:\WINDOWS\VIPv3\CheckForUpdates.exe
O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [syncman] d:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Regedit32] D:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Emsisoft\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegGenie v2.1 - Trial Expired] "D:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [RegGenie v2.1] "D:\Program Files\RegGenie\RegGenieOnReboot.exe"
O4 - HKCU\..\Run: [syncman] d:\documents and settings\user\wuaucldt.exe
O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [Skype] "D:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [RegGenie v2.1 - Trial Expired] "D:\Program Files\RegGenie\RegGenieOnRebootExpired.exe" (User '?')
O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [RegGenie v2.1] "D:\Program Files\RegGenie\RegGenieOnReboot.exe" (User '?')
O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [syncman] d:\documents and settings\user\wuaucldt.exe (User '?')
O4 - S-1-5-21-1177238915-1958367476-839522115-1003 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Downloads\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Downloads\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\DOWNLO~1\Office12\ONBttnIE.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://download09.managerzone.com/soccer-3d/PowerLoader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261713001484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275513616437
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\DOWNLO~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - D:\WINDOWS\System32\alg.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoExNT - Unknown owner - D:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1ca3bab13fe64a8) (gupdate1ca3bab13fe64a8) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Emsisoft\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Emsisoft\Online Armor\oasrv.exe
--
End of file - 9163 bytes
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/15/2010 at 08:11 PM
Application Version : 4.40.1002
Core Rules Database Version : 5203
Trace Rules Database Version: 3015
Scan type : Complete Scan
Total Scan Time : 03:52:26
Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 7493
Registry threats detected : 23
File items scanned : 207963
File threats detected : 353
Trojan.Agent/Gen-FakeAlert
HKU\S-1-5-21-1177238915-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}
HKCR\CLSID\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}
HKCR\CLSID\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}
HKCR\CLSID\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}\InProcServer32
HKCR\CLSID\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}\InProcServer32#ThreadingModel
D:\WINDOWS\SYSTEM32\P_-DEO.DLL
Adware.Tracking Cookie
*Blocked Russian URL* [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.chitika.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.technoratimedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.99counters.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.videoegg.adbureau.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.myroitracking.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cache.trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cache.trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
media.scanscout.com [ D:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V32SRW5G ]
media.y8.com [ D:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V32SRW5G ]
secure-us.imrworldwide.com [ D:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V32SRW5G ]
ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.azjmp.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
server.lon.liveperson.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
banners.es-facil.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
*Blocked Russian URL* [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
*Blocked Russian URL* [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.chitika.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
in.getclicky.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.overture.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.premiumonlinemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.premiumonlinemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
www.googleadservices.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
s03.flagcounter.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.liveperson.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
fl01.ct2.comclick.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
fl01.ct2.comclick.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
fl01.ct2.comclick.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.msnportal.112.2o7.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.99counters.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
*Blocked Russian URL* [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.myroitracking.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.clicksor.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
p.n.i.cltomedia.info [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cltomedia.info [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cltomedia.info [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
cltomedia.info [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.server.cpmstar.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.www.multicounter.de [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
s07.flagcounter.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
*Blocked Russian URL* [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
statse.webtrendslive.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
Trojan.DNSChanger-Codec
HKLM\Software\1
HKLM\Software\1#31AC70412E939D72A9234CDEBB1AF5867B
HKLM\Software\1#31897356954C2CD3D41B221E3F24F99BBA
HKLM\Software\1#31C2E1E4D78E6A11B88DFA803456A1FFA5
HKLM\Software\9
HKLM\Software\9#31AC70412E939D72A9234CDEBB1AF5867B
HKLM\Software\9#31897356954C2CD3D41B221E3F24F99BBA
HKLM\Software\9#31C2E1E4D78E6A11B88DFA803456A1FFA5
Adware.Flash Tracking Cookie
D:\Documents and Settings\user\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V32SRW5G\MEDIA.Y8.COM
D:\Documents and Settings\user\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V32SRW5G\SECURE-US.IMRWORLDWIDE.COM
Trojan.Agent/Gen-SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc
Malware.Trace
D:\WINDOWS\SYSTEM32\H7T.WT
D:\WINDOWS\SYSTEM32\HGTD.RUY
HKU\S-1-5-21-1177238915-1958367476-839522115-1003\Software\V71IQL7HI7
Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\HOME\LOCAL SETTINGS\TEMP\IZOHORE.BMP
Trojan.Agent/Gen-Tres[Drop]
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\807.EXE
Trojan.Downloader-Gen/Suspicious
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\REMOVEWGA.EXE
Trojan.Agent/Gen-System
C:\WINDOWS\SYSTEM32\T.DLL
[recovering disk space - old attachment deleted by admin]
-
Hi, Welcome to Computerhope! :)
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop. (If you already have it downloaded, then just follow the instructions below).
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Under the Custom Scan box paste this in:
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
Note: in the event that OTL fails to run, please use alternate download links to try again:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
-
Here are the two logs after the scan. Thanks for your help.
OTL.Txt
OTL logfile created on: 19/07/2010 11:49:18 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
446.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 13.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 39.06 Gb Total Space | 0.63 Gb Free Space | 1.61% Space Free | Partition Type: NTFS
Drive D: | 35.46 Gb Total Space | 1.41 Gb Free Space | 3.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/07/19 11:43:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/07/14 16:06:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/07 12:52:58 | 003,065,160 | ---- | M] (Emsi Software GmbH) -- D:\Program Files\Emsisoft\Online Armor\oahlp.exe
PRC - [2010/07/07 12:52:54 | 006,854,984 | ---- | M] (Emsi Software GmbH) -- D:\Program Files\Emsisoft\Online Armor\oaui.exe
PRC - [2010/06/28 23:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- D:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/01/08 18:15:32 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/06 22:53:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2007/08/09 10:27:52 | 000,073,728 | ---- | M] (HP) -- D:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Downloads\Office12\GrooveMonitor.exe
PRC - [2004/08/04 02:56:50 | 001,402,880 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/07/19 11:43:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/07/07 12:52:56 | 000,947,016 | ---- | M] (Emsi Software GmbH) -- D:\Program Files\Emsisoft\Online Armor\oawatch.dll
MOD - [2005/12/15 08:57:46 | 000,029,184 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\dwmapi.dll
MOD - [2004/08/04 02:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 02:56:48 | 000,053,760 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\winsta.dll
MOD - [2004/08/04 02:56:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
MOD - [2004/08/04 02:56:48 | 000,018,432 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wtsapi32.dll
MOD - [2004/08/04 02:56:44 | 000,094,720 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\iphlpapi.dll
MOD - [2004/08/04 01:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
========== Driver Services (SafeList) ==========
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = search.net-studio.org
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {afb88f3b-ee71-b533-8433-2fc6c4aa8937}:4.6.6.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/07/15 09:53:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/07/14 16:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2009/07/27 22:33:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/07/18 16:42:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions
[2009/12/06 22:43:09 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{3EB3C1FE-4FED-4ef7-A78C-6616E2521FB5}
[2009/07/30 01:32:16 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{61511f82-5694-4c77-a030-874128bfa3bf}
[2009/12/06 22:43:10 | 000,000,000 | ---D | M] (NoScript) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/15 11:00:06 | 000,000,000 | ---D | M] (IE Tab) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/22 22:38:12 | 000,000,000 | ---D | M] (TV Center Toolbar) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{a7347e8c-1ca6-469b-951e-4a23c4437935}
[2010/05/07 13:06:00 | 000,000,000 | ---D | M] (Sothink Flash Downloader) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}
[2009/12/06 22:43:09 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/08/30 23:33:12 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/06 22:43:08 | 000,000,000 | ---D | M] (DownThemAll!) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/06 22:52:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/07/30 01:26:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
[2009/07/30 01:32:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
[2010/07/14 16:13:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
[2009/12/06 22:43:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\SkipScreen@SkipScreen
[2010/07/14 16:13:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\staged-xpis
[2009/08/13 18:49:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
[2009/12/06 22:43:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
[2009/07/30 12:04:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
[2009/08/31 00:19:52 | 000,002,119 | ---- | M] () -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\searchplugins\MyStart Search.xml
[2010/05/26 22:03:00 | 000,000,259 | ---- | M] () -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\searchplugins\Search.xml
[2010/07/18 16:42:55 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010/05/26 22:04:15 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- D:\Program Files\Mozilla Firefox\extensions\{afb88f3b-ee71-b533-8433-2fc6c4aa8937}
[2010/05/23 12:22:21 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/15 13:53:07 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/01/15 12:28:17 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- D:\Program Files\Mozilla Firefox\components\FFComm.dll
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
O1 HOSTS File: ([2010/07/08 18:01:30 | 000,403,631 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 13982 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Downloads\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] D:\Program Files\Emsisoft\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Downloads\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Regedit32] D:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [syncman] D:\WINDOWS\System32\wuaucldt.exe File not found
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VIPv3_Auto_Update] D:\WINDOWS\VIPv3\CheckForUpdates.exe ()
O4 - HKCU..\Run: [RegGenie v2.1] D:\Program Files\RegGenie\RegGenieOnReboot.exe ()
O4 - HKCU..\Run: [RegGenie v2.1 - Trial Expired] D:\Program Files\RegGenie\RegGenieOnRebootExpired.exe ()
O4 - HKCU..\Run: [syncman] d:\documents and settings\user\wuaucldt.exe File not found
O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: D:\Documents and Settings\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Downloads\Office12\ONENOTEM.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Downloads\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Downloads\Office12\ONBttnIE.dll (Microsoft Corporation)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab (DLM Control)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://download09.managerzone.com/soccer-3d/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261713001484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275513616437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Downloads\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - D:\WINDOWS\system32\wowctl2.dll (EzTools Software)
O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - D:\WINDOWS\system32\eztoolslib2.dll ()
O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - D:\Program Files\Emsisoft\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Downloads\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/26 10:46:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{36a42a8f-bb3c-11de-8aac-101111111111}\Shell - "" = AutoRun
O33 - MountPoints2\{36a42a8f-bb3c-11de-8aac-101111111111}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4ff65b0-b544-11de-8aa7-101111111111}\Shell - "" = AutoRun
O33 - MountPoints2\{d4ff65b0-b544-11de-8aa7-101111111111}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B0087AEE-2CA7-4296-B0C3-663AA619DF1B} - Google Toolbar for Internet Explorer 8
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{41F02982-7E09-474B-AD97-649739052445} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - D:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2010/07/19 11:43:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2010/07/17 22:48:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Desktop\installs
[2010/07/16 15:01:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/16 15:01:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/07/16 15:01:17 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 12:24:49 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010/07/15 21:20:25 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Skype
[2010/07/15 13:53:47 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2010/07/15 13:53:04 | 000,153,376 | ---- | C] (Oracle) -- D:\WINDOWS\System32\javaws.exe
[2010/07/15 13:53:04 | 000,145,184 | ---- | C] (Oracle) -- D:\WINDOWS\System32\javaw.exe
[2010/07/15 13:53:04 | 000,145,184 | ---- | C] (Oracle) -- D:\WINDOWS\System32\java.exe
[2010/07/15 13:32:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2010/07/15 13:32:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/15 13:32:10 | 000,000,000 | ---D | C] -- D:\Program Files\SUPERAntiSpyware
[2010/07/15 09:06:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\OnlineArmor
[2010/07/15 09:06:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/07/15 09:00:52 | 000,236,104 | ---- | C] (Emsisoft) -- D:\WINDOWS\System32\drivers\OADriver.sys
[2010/07/15 09:00:52 | 000,028,232 | ---- | C] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAnet.sys
[2010/07/15 09:00:52 | 000,022,600 | ---- | C] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAmon.sys
[2010/07/15 09:00:40 | 000,000,000 | ---D | C] -- D:\Program Files\Emsisoft
[2010/07/15 08:47:08 | 000,017,744 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/15 08:47:07 | 000,165,456 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/15 08:47:06 | 000,023,376 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/15 08:47:04 | 000,046,672 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/15 08:47:00 | 000,100,176 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/15 08:47:00 | 000,094,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/15 08:46:57 | 000,028,880 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/15 08:46:14 | 000,038,848 | ---- | C] (ALWIL Software) -- D:\WINDOWS\avastSS.scr
[2010/07/15 08:46:12 | 000,165,032 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
[2010/07/15 08:45:48 | 000,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2010/07/15 08:45:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/09 22:42:33 | 000,397,312 | ---- | C] (Proland Software) -- D:\Documents and Settings\user\Desktop\cleantibs.exe
[2010/07/08 20:05:28 | 000,000,000 | ---D | C] -- D:\Program Files\CyberDefender
[2010/07/08 19:56:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Desktop\RegGenie.v2.0.Incl.Keygen
[2010/07/08 19:38:12 | 000,000,000 | ---D | C] -- D:\Program Files\RegGenie
[2010/07/04 11:20:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TrackMania
[2010/07/04 11:17:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\My Documents\TrackMania
[2010/07/04 11:01:14 | 000,000,000 | ---D | C] -- D:\Program Files\TmNationsForever
[2010/06/29 13:25:08 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\user\Recent
[2010/06/29 13:20:49 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner
[2010/06/29 11:26:16 | 000,000,000 | ---D | C] -- D:\WINDOWS\speech
[2010/06/29 11:20:30 | 000,000,000 | ---D | C] -- D:\Program Files\Golden Al-Wafi Translator
[2010/06/29 11:18:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\Setup1.exe
[2010/06/29 11:17:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\ST6UNST.EXE
[2010/06/29 10:43:55 | 000,042,000 | ---- | C] (CACE Technologies) -- D:\WINDOWS\System32\drivers\npf.sys
[2010/06/27 14:52:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NexonEU
[2010/06/27 11:26:49 | 000,000,000 | ---D | C] -- D:\Download
[2010/06/27 11:00:27 | 000,000,000 | ---D | C] -- D:\Nexon
[2010/06/27 10:59:35 | 000,421,888 | ---- | C] (NEXON Inc.) -- D:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
[2010/06/23 23:54:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\PowerChallenge
[2010/05/29 13:36:42 | 000,018,944 | ---- | C] ( ) -- D:\WINDOWS\System32\Implode.dll
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/07/19 11:43:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
[2010/07/19 11:13:03 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 04:13:01 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/18 06:40:35 | 000,252,564 | ---- | M] () -- D:\Documents and Settings\user\Desktop\FHSetup.exe
[2010/07/17 23:06:28 | 000,000,298 | -HS- | M] () -- D:\WINDOWS\tasks\QNGLVAECT.job
[2010/07/17 23:06:28 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/07/17 23:06:01 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/07/17 22:16:02 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/07/17 22:04:27 | 010,747,904 | -H-- | M] () -- D:\Documents and Settings\user\NTUSER.DAT
[2010/07/17 22:04:27 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\user\ntuser.ini
[2010/07/16 15:01:57 | 000,000,706 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 12:25:31 | 000,002,445 | ---- | M] () -- D:\Documents and Settings\user\Desktop\HiJackThis.lnk
[2010/07/15 16:56:13 | 001,402,880 | ---- | M] () -- D:\Documents and Settings\user\Desktop\HiJackThis.msi
[2010/07/15 13:32:14 | 000,001,688 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/15 09:04:56 | 000,437,878 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/07/15 09:04:55 | 000,069,808 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/07/15 08:47:10 | 000,001,710 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/15 08:47:02 | 000,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2010/07/13 11:37:10 | 000,001,739 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/09 22:42:37 | 000,397,312 | ---- | M] (Proland Software) -- D:\Documents and Settings\user\Desktop\cleantibs.exe
[2010/07/09 17:57:41 | 000,021,504 | ---- | M] () -- D:\WINDOWS\System32\ff4h.gy
[2010/07/09 01:16:16 | 000,329,888 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/08 19:58:51 | 000,083,976 | ---- | M] () -- D:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/08 19:38:22 | 000,000,710 | ---- | M] () -- D:\Documents and Settings\user\Desktop\RegGenie.lnk
[2010/07/08 18:01:30 | 000,403,631 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010/07/07 12:25:58 | 000,022,600 | ---- | M] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAmon.sys
[2010/07/07 12:25:42 | 000,028,232 | ---- | M] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAnet.sys
[2010/07/07 12:25:38 | 000,236,104 | ---- | M] (Emsisoft) -- D:\WINDOWS\System32\drivers\OADriver.sys
[2010/07/06 12:42:14 | 000,000,001 | ---- | M] () -- D:\Documents and Settings\user\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/07/04 11:31:04 | 000,010,142 | ---- | M] () -- D:\Documents and Settings\user\Desktop\New Microsoft Office Word Document (2).docx
[2010/07/01 18:16:08 | 000,000,214 | ---- | M] () -- D:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/06/29 13:28:32 | 000,001,070 | ---- | M] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132829.reg
[2010/06/29 13:28:10 | 000,005,400 | ---- | M] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132805.reg
[2010/06/29 13:27:38 | 000,303,382 | ---- | M] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132710.reg
[2010/06/29 13:21:01 | 000,001,558 | ---- | M] () -- D:\Documents and Settings\user\Desktop\CCleaner.lnk
[2010/06/29 12:28:37 | 000,000,655 | ---- | M] () -- D:\WINDOWS\wafi2000.ini
[2010/06/29 11:59:29 | 000,001,555 | ---- | M] () -- D:\WINDOWS\ata live update.ini
[2010/06/29 11:18:07 | 000,172,032 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Setup1.exe
[2010/06/29 11:17:45 | 000,073,216 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ST6UNST.EXE
[2010/06/28 23:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- D:\WINDOWS\avastSS.scr
[2010/06/28 23:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
[2010/06/28 23:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 23:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 23:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 23:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 23:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 23:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 23:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/28 11:33:53 | 000,000,004 | ---- | M] () -- D:\Documents and Settings\user\proxy_port
[2010/06/27 10:59:37 | 000,421,888 | ---- | M] (NEXON Inc.) -- D:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
[2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javaws.exe
[2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javaw.exe
[2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- D:\WINDOWS\System32\java.exe
[2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- D:\WINDOWS\System32\deployJava1.dll
[2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javacpl.cpl
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/18 06:40:26 | 000,252,564 | ---- | C] () -- D:\Documents and Settings\user\Desktop\FHSetup.exe
[2010/07/16 15:01:57 | 000,000,706 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/16 12:24:55 | 000,002,445 | ---- | C] () -- D:\Documents and Settings\user\Desktop\HiJackThis.lnk
[2010/07/15 16:55:47 | 001,402,880 | ---- | C] () -- D:\Documents and Settings\user\Desktop\HiJackThis.msi
[2010/07/15 13:32:14 | 000,001,688 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/15 08:47:10 | 000,001,710 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/15 07:55:42 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\Startup.cpl
[2010/07/08 19:38:22 | 000,000,710 | ---- | C] () -- D:\Documents and Settings\user\Desktop\RegGenie.lnk
[2010/07/08 14:39:51 | 000,021,504 | ---- | C] () -- D:\WINDOWS\System32\ff4h.gy
[2010/07/04 11:29:14 | 000,010,142 | ---- | C] () -- D:\Documents and Settings\user\Desktop\New Microsoft Office Word Document (2).docx
[2010/07/01 18:16:08 | 000,002,101 | ---- | C] () -- D:\Documents and Settings\user\Application Data\HPSU_48BitScanUpdate.log
[2010/07/01 18:16:08 | 000,000,214 | ---- | C] () -- D:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/06/29 13:28:31 | 000,001,070 | ---- | C] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132829.reg
[2010/06/29 13:28:08 | 000,005,400 | ---- | C] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132805.reg
[2010/06/29 13:27:16 | 000,303,382 | ---- | C] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132710.reg
[2010/06/29 13:21:00 | 000,001,558 | ---- | C] () -- D:\Documents and Settings\user\Desktop\CCleaner.lnk
[2010/06/29 11:59:29 | 000,001,555 | ---- | C] () -- D:\WINDOWS\ata live update.ini
[2010/06/28 11:33:53 | 000,000,004 | ---- | C] () -- D:\Documents and Settings\user\proxy_port
[2010/06/02 23:38:44 | 000,123,614 | ---- | C] () -- D:\WINDOWS\System32\drivers\NVCAP.SYS
[2010/05/31 12:02:50 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\nvRegDev.dll
[2010/05/30 23:51:18 | 000,182,275 | ---- | C] () -- D:\WINDOWS\System32\d3d10core.dll
[2010/05/30 23:51:18 | 000,124,931 | ---- | C] () -- D:\WINDOWS\System32\dxgi.dll
[2010/05/30 23:51:16 | 000,376,832 | ---- | C] () -- D:\WINDOWS\System32\M2000Twn.dll
[2010/05/30 23:51:16 | 000,169,984 | ---- | C] () -- D:\WINDOWS\System32\glut32.dll
[2010/05/30 23:51:16 | 000,169,984 | ---- | C] () -- D:\WINDOWS\System32\glut.dll
[2010/05/30 23:51:09 | 000,073,728 | ---- | C] () -- D:\WINDOWS\System32\CompressATI2.dll
[2010/05/29 13:36:48 | 000,864,256 | ---- | C] () -- D:\WINDOWS\System32\PGPDLL.dll
[2010/05/29 13:36:46 | 000,354,056 | ---- | C] () -- D:\WINDOWS\System32\Rivet200.dll
[2010/05/29 13:36:44 | 000,700,416 | ---- | C] () -- D:\WINDOWS\System32\eztoolslib2.dll
[2010/05/29 13:36:43 | 000,167,936 | ---- | C] () -- D:\WINDOWS\System32\DirWatcher.dll
[2010/05/29 13:36:43 | 000,159,744 | ---- | C] () -- D:\WINDOWS\System32\AESCrypt.dll
[2009/12/26 15:46:47 | 000,000,221 | ---- | C] () -- D:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/12/20 06:11:36 | 000,000,666 | ---- | C] () -- D:\WINDOWS\VisualTooltip.ini
[2009/09/30 13:21:00 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009/09/18 13:12:41 | 007,770,095 | ---- | C] () -- D:\WINDOWS\System32\VIPv3_EXT.dll
[2009/09/18 13:12:29 | 000,000,096 | ---- | C] () -- D:\WINDOWS\docs.ini
[2009/08/17 11:18:43 | 000,013,304 | ---- | C] () -- D:\WINDOWS\System32\drivers\BTNetFilter.sys
[2009/08/14 13:30:50 | 000,002,320 | ---- | C] () -- D:\WINDOWS\System32\Servmess.dll
[2009/08/12 12:58:49 | 000,011,860 | ---- | C] () -- D:\WINDOWS\System32\drivers\vbtenum.sys
[2008/12/07 12:44:54 | 000,030,088 | ---- | C] () -- D:\WINDOWS\System32\drivers\btnetBus.sys
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- D:\WINDOWS\System32\CddbCdda.dll
[2004/07/17 13:36:38 | 000,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
[2001/12/18 11:10:40 | 000,000,655 | ---- | C] () -- D:\WINDOWS\wafi2000.ini
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- D:\WINDOWS\System32\hptcpmon.ini
========== Custom Scans ==========
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\*.exe /lockedfiles >
[2 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
[2010/07/19 04:13:01 | 000,000,882 | ---- | M] () Unable to obtain MD5 -- D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/07/19 11:13:03 | 000,000,886 | ---- | M] () Unable to obtain MD5 -- D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2010/07/17 23:06:28 | 000,000,298 | -HS- | M] () Unable to obtain MD5 -- D:\WINDOWS\Tasks\QNGLVAECT.job
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/07/26 13:25:46 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2009/07/26 13:25:45 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2009/07/26 13:25:45 | 000,888,832 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.sys >
[2001/08/23 18:00:00 | 000,009,029 | ---- | M] () -- D:\WINDOWS\system32\ansi.sys
[2001/08/23 18:00:00 | 000,027,097 | ---- | M] () -- D:\WINDOWS\system32\country.sys
[2001/08/23 18:00:00 | 000,004,768 | ---- | M] () -- D:\WINDOWS\system32\himem.sys
[2001/08/23 18:00:00 | 000,042,809 | ---- | M] () -- D:\WINDOWS\system32\key01.sys
[2004/08/04 00:46:56 | 000,042,537 | ---- | M] () -- D:\WINDOWS\system32\keyboard.sys
[2001/08/23 18:00:00 | 000,027,866 | ---- | M] () -- D:\WINDOWS\system32\ntdos.sys
[2001/08/23 18:00:00 | 000,029,146 | ---- | M] () -- D:\WINDOWS\system32\ntdos404.sys
[2001/08/23 18:00:00 | 000,029,370 | ---- | M] () -- D:\WINDOWS\system32\ntdos411.sys
[2001/08/23 18:00:00 | 000,029,274 | ---- | M] () -- D:\WINDOWS\system32\ntdos412.sys
[2001/08/23 18:00:00 | 000,029,146 | ---- | M] () -- D:\WINDOWS\system32\ntdos804.sys
[2004/08/04 00:45:10 | 000,033,840 | ---- | M] () -- D:\WINDOWS\system32\ntio.sys
[2004/08/04 00:45:16 | 000,034,560 | ---- | M] () -- D:\WINDOWS\system32\ntio404.sys
[2004/08/04 00:45:12 | 000,035,648 | ---- | M] () -- D:\WINDOWS\system32\ntio411.sys
[2004/08/04 00:45:16 | 000,035,424 | ---- | M] () -- D:\WINDOWS\system32\ntio412.sys
[2004/08/04 00:45:14 | 000,034,560 | ---- | M] () -- D:\WINDOWS\system32\ntio804.sys
[2004/08/04 01:07:34 | 000,017,664 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\watchdog.sys
[2004/08/04 01:17:42 | 001,835,904 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\win32k.sys
[2 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.dll >
[2010/02/11 07:19:08 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- D:\WINDOWS\system32\drivers\ati2erec.dll
[2002/09/18 02:11:02 | 000,077,824 | R--- | M] (Socket Communications Inc.) -- D:\WINDOWS\system32\drivers\SioUi2k.dll
[2004/08/04 00:56:48 | 000,053,760 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\vfwwdm32.dll
< %systemroot%\system32\drivers\*.ini >
< %systemroot%\system32\drivers\*.exe >
[2002/09/23 02:30:48 | 000,040,960 | R--- | M] (Socket Communications Inc.) -- D:\WINDOWS\system32\drivers\SCTray.exe
< %SYSTEMDRIVE%\*.* >
[2007/07/31 21:18:42 | 000,233,839 | ---- | M] () -- D:\ .zip
[2007/12/10 21:33:07 | 000,000,000 | ---- | M] () -- D:\03767.3gp
[2007/12/09 13:43:55 | 000,000,020 | ---- | M] () -- D:\24492.3gp
[2007/12/10 21:33:32 | 000,000,000 | ---- | M] () -- D:\28934.3gp
[2007/12/10 21:33:28 | 000,000,000 | ---- | M] () -- D:\30798.3gp
[2007/12/09 13:42:50 | 000,000,020 | ---- | M] () -- D:\61530.3gp
[2007/12/10 21:33:24 | 001,384,975 | ---- | M] () -- D:\63118.3gp
[2007/12/10 21:33:12 | 000,000,000 | ---- | M] () -- D:\67351.3gp
[2007/12/10 21:33:00 | 000,000,000 | ---- | M] () -- D:\67888.3gp
[2008/10/31 20:40:30 | 001,788,826 | ---- | M] () -- D:\apQuran.rar
[1994/09/05 00:59:54 | 000,075,290 | ---- | M] () -- D:\BACK_W.WAV
[2007/06/07 19:32:34 | 000,000,064 | ---- | M] () -- D:\BC31CASE.INI
[2010/01/15 11:10:19 | 000,137,972 | ---- | M] () -- D:\BdUninstallTool2010.01.15-11.09.35.log
[2010/01/15 11:10:19 | 000,000,038 | ---- | M] () -- D:\BdUninstallTool2010.01.15-11.09.35.reg
[2008/08/14 16:58:37 | 000,098,304 | ---- | M] () -- D:\BK02.BOK
[2008/08/14 16:58:37 | 000,000,128 | ---- | M] () -- D:\BK02.ldb
[2007/08/18 19:56:27 | 002,841,600 | ---- | M] () -- D:\clinic.doc
[1999/09/05 17:01:54 | 000,162,326 | ---- | M] () -- D:\clock.wav
[2007/03/19 22:04:34 | 000,016,826 | -H-- | M] () -- D:\COD001OU.GID
[1999/06/23 13:13:30 | 000,604,538 | ---- | M] () -- D:\eff01.avi
[1999/06/23 12:23:56 | 000,273,558 | ---- | M] () -- D:\eff02.avi
[1999/06/23 12:36:34 | 000,098,218 | ---- | M] () -- D:\eff03.avi
[1999/06/23 12:43:16 | 000,104,456 | ---- | M] () -- D:\eff04.avi
[1999/06/23 12:47:14 | 000,085,920 | ---- | M] () -- D:\eff05.avi
[1999/06/23 12:53:26 | 000,106,074 | ---- | M] () -- D:\eff06.avi
[1999/06/23 12:58:22 | 000,289,972 | ---- | M] () -- D:\eff07.avi
[1999/06/23 13:27:22 | 000,030,780 | ---- | M] () -- D:\eff08.avi
[1999/06/23 13:43:34 | 000,087,956 | ---- | M] () -- D:\eff09.avi
[1999/06/23 13:48:44 | 000,137,152 | ---- | M] () -- D:\eff10.avi
[1999/06/29 13:58:22 | 000,044,926 | ---- | M] () -- D:\eff11.avi
[2002/02/19 13:28:26 | 000,001,988 | ---- | M] () -- D:\EXIT.GIF
[2002/02/19 13:28:40 | 000,002,005 | ---- | M] () -- D:\EXIT1.GIF
[1999/09/08 12:43:00 | 000,057,654 | ---- | M] () -- D:\finish.bmp
[2008/03/28 09:19:44 | 000,340,992 | ---- | M] () -- D:\game.doc
[2008/08/14 16:58:13 | 000,000,064 | ---- | M] () -- D:\GAMES_01.ldb
[2008/08/14 16:58:13 | 000,688,128 | ---- | M] () -- D:\GAMES_01.MDB
[2008/01/02 11:11:36 | 000,110,080 | ---- | M] () -- D:\generals.doc
[1999/10/01 01:18:22 | 000,007,350 | ---- | M] () -- D:\HELP.TXT
[2008/10/31 20:52:55 | 000,423,515 | ---- | M] () -- D:\hqmp3.zip
[2008/10/16 22:54:53 | 002,587,728 | ---- | M] () -- D:\ica32t.exe
[2009/02/22 22:15:26 | 001,211,904 | ---- | M] () -- D:\ict.doc
[2010/07/16 22:29:52 | 000,012,145 | ---- | M] () -- D:\JavaRa.log
[1999/08/31 16:27:18 | 002,409,486 | ---- | M] () -- D:\join_snd.wav
[1999/09/04 16:07:22 | 000,485,182 | ---- | M] () -- D:\let_wav.wav
[1999/06/05 13:17:20 | 000,057,654 | ---- | M] () -- D:\L_E.BMP
[2009/06/08 07:37:32 | 025,740,144 | ---- | M] () -- D:\m1.exe
[2003/03/10 16:49:00 | 000,940,544 | ---- | M] () -- D:\MAALEM.DOC
[2005/09/06 18:39:54 | 001,019,904 | ---- | M] (NIPPON INSTRUMENTS) -- D:\Md.exe
[2002/02/19 13:32:18 | 000,016,260 | ---- | M] () -- D:\NAME.GIF
[2008/10/06 10:35:54 | 000,290,304 | ---- | M] () -- D:\New Microsoft Word Document.doc
[1999/03/01 10:42:02 | 000,412,693 | ---- | M] () -- D:\NIC.HLP
[1999/09/04 16:05:54 | 000,430,590 | ---- | M] () -- D:\num_wav.wav
[2010/07/17 23:05:54 | 4194,304,000 | -HS- | M] () -- D:\pagefile.sys
[2002/02/19 13:36:24 | 000,001,292 | ---- | M] () -- D:\PAUSE.GIF
[2002/02/19 13:37:20 | 000,001,279 | ---- | M] () -- D:\PAUSE1.GIF
[2002/02/19 13:38:56 | 000,001,371 | ---- | M] () -- D:\PLAY.GIF
[2002/02/19 13:39:20 | 000,001,372 | ---- | M] () -- D:\PLAY1.GIF
[1999/07/17 16:24:04 | 000,020,238 | ---- | M] () -- D:\qrn_back.bmp
[2008/10/31 21:18:52 | 016,145,083 | ---- | M] () -- D:\QuranSetup1.exe
[2005/04/21 00:41:04 | 001,478,656 | ---- | M] (و يرزقه من حيث لا يحتسب) -- D:\Quran_CD5.exe
[2007/05/10 16:24:03 | 006,952,448 | ---- | M] () -- D:\Scrap.shs
[2009/07/24 01:07:41 | 000,000,000 | ---- | M] () -- D:\sdsetup.exe
[2003/07/29 09:38:28 | 166,326,409 | ---- | M] (Indigo Rose Corporation http://www.indigorose.com) -- D:\setup.exe
[2009/07/24 01:10:34 | 004,930,976 | ---- | M] () -- D:\spv41.zip
[2008/03/04 21:29:14 | 000,008,146 | ---- | M] () -- D:\ST5UNST.LOG
[2007/10/26 06:21:32 | 000,004,199 | ---- | M] () -- D:\ST6UNST.LOG
[2002/02/19 13:40:14 | 000,001,382 | ---- | M] () -- D:\STOP.GIF
[2002/02/19 13:40:38 | 000,001,383 | ---- | M] () -- D:\STOP1.GIF
[1999/08/30 12:55:16 | 000,080,972 | ---- | M] () -- D:\TASFEEK.WAV
[2007/10/20 06:16:55 | 000,060,928 | ---- | M] () -- D:\Title and backgrounds[1].doc
[2009/02/28 22:33:17 | 000,026,624 | ---- | M] () -- D:\To dedicate to those diverse deities.doc
[2008/01/02 11:14:47 | 000,009,378 | ---- | M] () -- D:\untitled.bmp
[1999/09/05 17:05:10 | 000,296,358 | ---- | M] () -- D:\wait_s.wav
[2009/02/28 16:06:59 | 007,803,496 | ---- | M] () -- D:\wordweb5.exe
[2005/04/20 17:33:52 | 006,955,008 | ---- | M] () -- D:\ZI112.GIF
[2009/02/28 22:33:17 | 000,000,162 | -H-- | M] () -- D:\~$ dedicate to those diverse deities.doc
< %PROGRAMFILES%\*. >
[2010/06/09 21:59:45 | 000,000,000 | ---D | M] -- D:\Program Files\A-PDF Password Security
[2010/06/09 22:31:17 | 000,000,000 | ---D | M] -- D:\Program Files\A-PDF Restrictions Remover
[2010/05/01 17:15:48 | 000,000,000 | ---D | M] -- D:\Program Files\Adobe
[2010/06/29 12:40:09 | 000,000,000 | ---D | M] -- D:\Program Files\Advanced Registry Optimizer
[2010/07/15 08:45:48 | 000,000,000 | ---D | M] -- D:\Program Files\Alwil Software
[2009/07/28 11:51:36 | 000,000,000 | ---D | M] -- D:\Program Files\AskBarDis
[2010/06/03 07:29:46 | 000,000,000 | ---D | M] -- D:\Program Files\ASTRA32
[2010/06/19 08:23:36 | 000,000,000 | ---D | M] -- D:\Program Files\ATI Technologies
[2010/01/15 11:20:06 | 000,000,000 | ---D | M] -- D:\Program Files\BitDefender
[2006/04/25 20:48:29 | 000,000,000 | ---D | M] -- D:\Program Files\Business Objects
[2010/06/29 13:21:01 | 000,000,000 | ---D | M] -- D:\Program Files\CCleaner
[2009/10/09 09:36:11 | 000,000,000 | ---D | M] -- D:\Program Files\Citrix
[2009/09/30 17:24:06 | 000,000,000 | ---D | M] -- D:\Program Files\Click-2U
[2010/07/15 21:20:25 | 000,000,000 | ---D | M] -- D:\Program Files\Common Files
[2009/07/26 10:41:36 | 000,000,000 | ---D | M] -- D:\Program Files\ComPlus Applications
[2010/07/08 20:05:28 | 000,000,000 | ---D | M] -- D:\Program Files\CyberDefender
[2009/12/26 09:21:39 | 000,000,000 | ---D | M] -- D:\Program Files\Daydream Software
[2010/05/01 20:32:00 | 000,000,000 | ---D | M] -- D:\Program Files\DDC Testing Center v3
[2009/09/25 15:25:17 | 000,000,000 | ---D | M] -- D:\Program Files\DIFX
[2010/05/31 09:38:23 | 000,000,000 | ---D | M] -- D:\Program Files\directx
[2009/08/07 17:15:56 | 000,000,000 | ---D | M] -- D:\Program Files\DivX
[2010/06/02 23:05:49 | 000,000,000 | ---D | M] -- D:\Program Files\Driver Checker
[2010/07/15 09:00:40 | 000,000,000 | ---D | M] -- D:\Program Files\Emsisoft
[2010/06/29 12:26:05 | 000,000,000 | ---D | M] -- D:\Program Files\Golden Al-Wafi Translator
[2010/06/02 23:07:45 | 000,000,000 | ---D | M] -- D:\Program Files\Google
[2009/08/22 23:38:36 | 000,000,000 | ---D | M] -- D:\Program Files\GuidedWays
[2009/12/26 15:42:06 | 000,000,000 | ---D | M] -- D:\Program Files\HP
[2010/06/29 13:04:59 | 000,000,000 | -H-D | M] -- D:\Program Files\InstallShield Installation Information
[2009/08/20 17:25:27 | 000,000,000 | ---D | M] -- D:\Program Files\Internet Explorer
[2010/07/15 13:52:58 | 000,000,000 | ---D | M] -- D:\Program Files\Java
[2009/08/20 16:43:02 | 000,000,000 | ---D | M] -- D:\Program Files\jre
[2010/05/30 23:51:09 | 000,000,000 | ---D | M] -- D:\Program Files\KM-Software
[2010/07/16 15:12:06 | 000,000,000 | ---D | M] -- D:\Program Files\Malwarebytes' Anti-Malware
[2009/07/26 19:08:15 | 000,000,000 | ---D | M] -- D:\Program Files\Messenger
[2009/10/10 23:50:21 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft
[2009/07/26 10:46:42 | 000,000,000 | ---D | M] -- D:\Program Files\microsoft frontpage
[2010/01/29 14:13:41 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Office
[2009/10/14 18:30:47 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Silverlight
[2009/08/07 16:49:02 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Visual Studio
[2009/08/07 16:49:53 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Works
[2009/08/07 16:47:30 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft.NET
[2009/07/27 11:57:04 | 000,000,000 | ---D | M] -- D:\Program Files\Movie Maker
[2010/07/14 16:06:50 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox
[2009/08/20 17:38:55 | 000,000,000 | ---D | M] -- D:\Program Files\MSBuild
[2009/07/26 10:40:03 | 000,000,000 | ---D | M] -- D:\Program Files\MSN
[2009/07/26 10:41:01 | 000,000,000 | ---D | M] -- D:\Program Files\MSN Gaming Zone
[2009/08/20 17:23:38 | 000,000,000 | ---D | M] -- D:\Program Files\MSXML 6.0
[2009/08/12 19:42:46 | 000,000,000 | ---D | M] -- D:\Program Files\NCC Education
[2009/08/07 16:27:16 | 000,000,000 | ---D | M] -- D:\Program Files\NCH Software
[2009/07/27 11:57:03 | 000,000,000 | ---D | M] -- D:\Program Files\NetMeeting
[2009/09/25 15:40:28 | 000,000,000 | ---D | M] -- D:\Program Files\Nokia
[2009/11/06 22:52:38 | 000,000,000 | ---D | M] -- D:\Program Files\NOS
[2009/07/26 10:44:29 | 000,000,000 | ---D | M] -- D:\Program Files\Online Services
[2009/07/27 11:57:04 | 000,000,000 | ---D | M] -- D:\Program Files\Outlook Express
[2009/09/25 15:24:54 | 000,000,000 | ---D | M] -- D:\Program Files\PC Connectivity Solution
[2010/06/03 06:35:09 | 000,000,000 | ---D | M] -- D:\Program Files\PC Drivers HeadQuarters
[2010/06/09 22:20:23 | 000,000,000 | ---D | M] -- D:\Program Files\PDF Password Unlocker
[2009/07/28 13:10:43 | 000,000,000 | ---D | M] -- D:\Program Files\Philips
[2009/09/30 13:07:27 | 000,000,000 | ---D | M] -- D:\Program Files\PowerISO
[2009/08/22 23:14:16 | 000,000,000 | ---D | M] -- D:\Program Files\Quran_AR
[2010/06/03 07:24:16 | 000,000,000 | ---D | M] -- D:\Program Files\RadarSync
[2009/09/22 20:37:17 | 000,000,000 | ---D | M] -- D:\Program Files\Real
[2009/12/25 07:32:13 | 000,000,000 | ---D | M] -- D:\Program Files\Realtek
[2009/12/25 07:17:20 | 000,000,000 | ---D | M] -- D:\Program Files\Realtek AC97
[2009/08/20 17:38:30 | 000,000,000 | ---D | M] -- D:\Program Files\Reference Assemblies
[2010/07/08 19:59:52 | 000,000,000 | ---D | M] -- D:\Program Files\RegGenie
[2009/07/27 11:57:09 | 000,000,000 | ---D | M] -- D:\Program Files\SCANVIEW
[2009/07/28 13:33:40 | 000,000,000 | R--D | M] -- D:\Program Files\Skype
[2010/07/15 14:07:43 | 000,000,000 | ---D | M] -- D:\Program Files\Spyware Doctor
[2010/07/15 13:32:59 | 000,000,000 | ---D | M] -- D:\Program Files\SUPERAntiSpyware
[2010/06/03 00:01:00 | 000,000,000 | ---D | M] -- D:\Program Files\SystemRequirementsLab
[2010/07/04 11:14:56 | 000,000,000 | ---D | M] -- D:\Program Files\TmNationsForever
[2010/07/16 12:24:49 | 000,000,000 | ---D | M] -- D:\Program Files\Trend Micro
[2009/12/25 20:47:03 | 000,000,000 | ---D | M] -- D:\Program Files\TryMedia
[2009/08/12 19:43:31 | 000,000,000 | -H-D | M] -- D:\Program Files\Uninstall Information
[2010/05/28 10:45:28 | 000,000,000 | ---D | M] -- D:\Program Files\uTorrent
[2009/07/31 14:02:55 | 000,000,000 | ---D | M] -- D:\Program Files\VideoLAN
[2009/08/03 22:18:15 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Live
[2010/06/15 11:06:40 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Live Safety Center
[2009/08/03 22:18:01 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Live SkyDrive
[2009/09/18 13:17:00 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Media Player
[2009/07/27 11:57:10 | 000,000,000 | ---D | M] -- D:\Program Files\Windows NT
[2009/07/26 10:44:34 | 000,000,000 | -H-D | M] -- D:\Program Files\WindowsUpdate
[2009/08/07 17:02:27 | 000,000,000 | ---D | M] -- D:\Program Files\WinRAR
[2009/07/26 10:46:42 | 000,000,000 | ---D | M] -- D:\Program Files\xerox
[2009/08/20 16:43:11 | 000,000,000 | -H-D | M] -- D:\Program Files\Zero G Registry
< %appdata%\*.* >
[2009/07/29 08:57:18 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\user\Application Data\bcrypt.html
[2009/07/26 13:27:45 | 000,000,062 | -HS- | M] () -- D:\Documents and Settings\user\Application Data\desktop.ini
[2010/07/01 18:16:29 | 000,002,101 | ---- | M] () -- D:\Documents and Settings\user\Application Data\HPSU_48BitScanUpdate.log
[2009/10/03 16:30:32 | 000,124,766 | ---- | M] () -- D:\Documents and Settings\user\Application Data\NMM-MetaData.db
[2009/12/26 15:47:05 | 000,261,746 | ---- | M] () -- D:\Documents and Settings\user\Application Data\Update_HP_RedboxHprblog_HPSU.log
< MD5 for: AGP440.SYS >
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: DISK.SYS >
[2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 00:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- D:\WINDOWS\system32\drivers\disk.sys
< MD5 for: EVENTLOG.DLL >
[2004/08/04 02:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2004/08/04 02:56:46 | 000,407,040 | ---- | M] (Mic
-
Hi, :)
Please download ComboFix from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://www.geekstogo.com/forum/downloads.html&req=download&code=confirm_download&id=197)
Alternate link: Forospyware.com (http://www.forospyware.com/sUBs/ComboFix.exe)
Rename ComboFix.exe to commy.exe before you save it to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
- Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
- Click on Yes, to continue scanning for malware.
- When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
-
Hi... it seems that the program runs but no windows open, and I get no report or anything after I run what you mentioned above.
Can you help? Tell me what the problem is?
-
Hi, :)
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
- Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
-
Hi... GMER loads, then finds 10 things or so, then the computer changes display and doesn't respond. What do you suggest?
-
To disable CD Emulation programs using DeFogger, please perform these steps:
- Please download DeFogger (http://download.bleepingcomputer.com/jpshortstuff/Defogger.exe) to your desktop.
- Once downloaded, double-click on the DeFogger icon to start the tool.
- The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers
- When it prompts you whether or not you want to continue, please click on the Yes button to continue
- When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
- If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
===========
After you have done this, please re-run GMER and post the log here.
-
Hi, when I finished with DeFogger and ran GMER, it finds some and progresses more than before, and I press Scan... the scan starts and it finds like 100 or more, then doesn't respond and the computer restarts automatically... I tried it like 10 times with the same result.
Can you help?
-
Hi, :)
Please download 7-Zip (http://www.7-zip.org) and install it. If you already have it, no need to reinstall.
Then, download RootkitUnhooker (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar) and save the setup to your Desktop.
- Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
- Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
- Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
- It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
- Once inside the interface, do not fix anything. Click on the Report tab.
- Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
- It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
- When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
-
Hi,
I extracted the program using 7-Zip, then I ran the setup, but I don't know where the RKU*** folder you're talking about is.
-
I ran RkU from the Start menu, then it gave me a message saying a parasite is found in the program, do you want to remove it.
I cancelled it and continued, and a program opened: RootkitUnhooker.
-
Hi, :)
Has RKU finished running?
-
Here is the report from RkU:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: Address change 0x805A74DE-->F243DED0 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x805D4DD0-->F243E700 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtClose, Type: Address change 0x805BAEB4-->F2391CD2 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtConnectPort, Type: Address change 0x805A2FF4-->F243BDA0 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x80577E5E-->F244B9C0 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x80622048-->F2391B8E [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtCreatePort, Type: Address change 0x805A3B10-->F243B8E0 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x805CFA1C-->F2438620 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x805CF966-->F2438A30 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x805A9DEE-->F2437EF0 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805CF804-->F2439F20 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtDebugActiveProcess, Type: Address change 0x80640F36-->F243AB90 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x806224D8-->F2392142 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x806226A8-->F239206C [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x805BC890-->F2391764 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x80582DFE-->F243D490 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtOpenFile, Type: Address change 0x80578F5C-->F244C040 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x806233DE-->F2391C68 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C9C46-->F23916A4 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x805A8E12-->F2438310 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C9ED2-->F2391708 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x805B6DA2-->F243E350 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtQueryDirectoryFile, Type: Address change 0x80578C3E-->F243DA70 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80620102-->F2391D88 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtQueueApcThread, Type: Address change 0x805CFA62-->F243E8A0 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x80621A6E-->F2392210 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtRequestPort, Type: Address change 0x805A146E-->F243C9A0 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Address change 0x805A179A-->F243CF90 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x80620450-->F2391D48 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtResumeThread, Type: Address change 0x805D3148-->F243B340 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtSecureConnectPort, Type: Address change 0x805A2788-->F243C190 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805CFF26-->F243A970 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x8060DB2E-->F243AD30 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80620708-->F2391EC8 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtShutdownSystem, Type: Address change 0x80610D7E-->F243D370 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x805D3210-->F243B520 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805D3082-->F243B130 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x80615EA8-->F243AF40 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D1170-->F2439C80 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D136A-->F243A760 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtUnloadDriver, Type: Address change 0x80582F92-->F243D780 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B2D5C-->F243E520 [D:\WINDOWS\system32\drivers\OADriver.sys]
-
Hi, is there anything for me to do?
-
Hi.
Could you please re-run ComboFix in Safe Mode with Networking? Reboot and tap F8 until it asks you which mode to boot into, choose Safe Mode with Networking, and re-run ComboFix.
-
Hi, I ran Windows in Safe Mode with Networking and re-ran commy, and nothing different happens... it loads and no windows open... any solutions? Thanks
-
Hi.
I will send you a PM of instructions.
-
Hi Sneakyone... I will be on holiday for 5-7 days, so please post your instructions and I will try to do it as fast as possible. Thanks
-
Hi.
I thought I sent you a PM with instructions, but I will do it again. :)
-
Hi, I sent you a personal message... please reply :D